Management platform recovery for a user device

ABSTRACT

Examples described here include systems and methods for refreshing the operating system (“OS”) of a device enrolled in a management platform. Execution of a first command file ensures that necessary components of the management platform residing on the device are stored in a partitioned portion of the device hard drive to preserve them during the OS refresh. After a new instance of the OS has been installed, execution of a second command file migrates the necessary components from the partitioned portion of the hard drive to the new OS instance. When the user logs back into the refreshed device, a third command file installs all necessary device management components at the new OS instance and re-enrolls the device with the management platform. In this manner, the OS of a managed device can be refreshed and re-enrolled in the management platform without significant input from a user or administrator.

BACKGROUND

Computing devices such as a laptops, smart phones, or desktop computersoften slow down or cease working properly over a period of use.Installing and removing applications, files, and data leaves remnants ofthat data in various directories of the device hard drive, whicheventually lead to device performance issues. In other instances, theinstallation of a virus or a corrupted application or update can causeperformance issues or prevent aspects of the device from operatingaltogether. A user may find it necessary to “refresh” or “reset” thedevice operating system (“OS”). OS developers may include refresh andreset features in their software. As used herein, the term “refresh”includes reinstalling the OS in a way that retains some of the user'spersonal files, settings, and applications predetermined by the OSdeveloper. The term “reset” includes reinstalling the OS and essentiallyreturning the device to its original, out-of-the-box configuration.

However, in an Enterprise Mobility Management (“EMM”) or Mobile DeviceManagement (“MDM”) system, both the refresh and reset options poseproblems. For example, the management of the device can be broken untilcertain applications are reinstalled on the device or the device isre-authenticated by a management server. This is not only timeconsuming, but it can also pose a security risk because a user couldpotentially modify the device prior to restoration of the managementfunctionality.

In EMM and MDM systems, device management applications are installed onenrolled devices, along with device identifying information and one ormore managed applications. For example, a management agent applicationmay be installed on an enrolled device to facilitate communicationbetween the device and a management server. The agent application canalso function as, or work in tandem with, a workspace application inwhich other managed applications operate. This configuration provides asecure, managed environment on the device for managed applications suchas an email application, a file sharing application, or a VPNapplication. Device identifying information, such as a unique device ID,an enrollment key, and authentication tokens, are used to enroll adevice with a management server and authenticate communications betweenthe device and the server or an administrator console that is also incommunication with the server.

The management applications, device identifying information, and managedapplications are all removed from a device during a refresh or reset ofthe OS. As important, the authenticated communication channel previouslyestablished between the device and the management server is lost. Thismakes re-installation of the necessary management and managedapplications, as well as the re-enrollment of the device with themanagement server by an authenticated communication channel, veryburdensome and time consuming for both the device user and anadministrator overseeing device management within an enterprise.

As a result, a need exists for systems and methods that allow users ofmanaged devices, as well as enterprise administrators, to quicklyrestore a previously-configured management platform on devices that haveundergone a refresh or reset of its OS.

SUMMARY

Examples described herein include systems and methods for refreshing theOS of a device enrolled in a management platform. An example methodincludes receiving a request, from either an administrator console or adevice, to refresh the OS of the device. Upon initiation of the refreshprocess, device identification data, one or more management applicationinstallation files, and one or more managed application installationfiles can be stored in a recovery folder of the existing OS. A newinstance of the OS can then be installed while retaining the contents ofthe recovery folder in a partitioned portion of the device hard drive.After creation of the new instance of the OS, the contents of therecovery folder can be migrated over from the partitioned portion of thehard drive to the new OS.

Upon a first login to the device by the user, an unattended answer filecan initiate re-installation of the management application(s) andmanaged application(s) at the new instance of the OS. With themanagement application(s) re-installed and the device identificationdata preserved, the device can also be automatically re-enrolled in themanagement platform and restore communication with a management server.

Backing up and migrating recovery folder contents, as well asre-installing the applications and re-enrolling the device in themanagement platform, can all be accomplished by a series of commandfiles previously stored on the device. If the command files do notalready exist on the device, they can be requested in response to therequest to refresh the OS. Once stored on the device, the files canautomatically execute in response to the request to refresh the OSwithout requiring any further configuration by the user or anadministrator.

The examples summarized above can also be incorporated into anon-transitory, computer-readable medium having instructions that, whenexecuted by a processor associated with a computing device, cause theprocessor to perform the stages described. Additionally, the examplemethods summarized above can each be implemented in a system including,for example, a memory storage and a computing device having a processorthat executes instructions to carry out the stages described.

Both the foregoing general description and the following detaileddescription are exemplary and explanatory only and are not restrictiveof the examples, as claimed.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a flowchart of an example method for refreshing the operatingsystem of a device enrolled in a management platform.

FIG. 2 is a flowchart of an example method for refreshing the operatingsystem of a device enrolled in a management platform.

FIG. 3 is a flowchart of an example method for refreshing the operatingsystem of a device enrolled in a management platform.

FIG. 4 is a flowchart of an example method for refreshing the operatingsystem of a device enrolled in a management platform.

FIG. 5 is a sequence diagram of an example method for refreshing theoperating system of a device enrolled in a management platform.

FIG. 6 is a flowchart of an example method for resetting the operatingsystem of a device enrolled in a management platform.

FIG. 7 is a flowchart of an example method for resetting the operatingsystem of a device enrolled in a management platform.

FIG. 8 is a sequence diagram of an example method for resetting theoperating system of a device enrolled in a management platform.

FIG. 9 is a system diagram of an example system for refreshing orresetting the operating system of a device enrolled in a managementplatform.

DESCRIPTION OF THE EXAMPLES

Reference will now be made in detail to the present examples, includingexamples illustrated in the accompanying drawings. Wherever possible,the same reference numbers will be used throughout the drawings to referto the same or like parts.

Examples described herein include systems and methods for refreshing theOS of a device enrolled in a management platform. A request to refreshthe OS is received at the device. Upon receipt, the device can confirmwhether the necessary refresh process files are present and stored in arecovery folder of the OS. The refresh process files can include one ormore scripts or command files for executing steps during the refresh. Ifthe refresh process files are present, the device can initiate therefresh process by executing a first command file of the refresh processfiles.

The first command file can store relevant management applications,managed applications, and device identification information to therecovery folder of the device OS. During the refresh, a portion of thedevice hard drive can be partitioned and the recovery folder can bestored at the partitioned portion to ensure its contents are preservedduring the refresh. The remainder of the device hard drive can then bereformatted and a new instance of the OS can be installed.

After installation of the new instance of the OS, a second command fileof the refresh process files can be executed that migrates themanagement applications, managed applications, and device identificationinformation from the recovery folder to the new instance of the OS.

When the device is ready for the user to first login to the refresheddevice, the login can initiate execution of a third command file thatre-installs the management applications and managed applications to thenew OS instance. The third command file can also re-enroll the device inthe management platform by providing device identification informationto a management server.

This process can be repeated any time a refresh becomes necessary at themanaged device. Using the refresh process files, which are automaticallyexecuted during the device refresh process, continued management of thedevice is possible with minimal action required by the user or anadministrator overseeing the device's management.

FIGS. 1-4 provide a flowchart of example methods for refreshing the OSof a device enrolled in a management platform. FIG. 5 provides asequence diagram of example methods for refreshing the OS. FIGS. 6 and 7provide a flowchart of example methods for resetting the OS of a manageddevice. FIG. 8 provides a sequence diagram of example methods forresetting the OS. FIG. 9. provides an example system for eitherrefreshing or resetting the OS of a managed device.

Turning to FIG. 1, a flowchart for carrying out the various methodsdescribed herein is depicted. At a first step 110, a request to refreshthe OS of a device is received at the device. In some examples, therequest can be initiated by an administrator at an administratorconsole. The administrator console can communicate the request to amanagement server that relays the request to the device.

In further examples, the management server communicates with amanagement agent application installed at the device. The communicationchannel between the management server and the agent application can beestablished during a prior device enrollment process. During theenrollment process, device identification information can be sent fromthe device to the management server, including one or more of anenrollment key and an authentication token. In this manner, themanagement server can both identify the managed device and authenticatecommunications received from the device.

In an alternative example, the request to refresh the OS can beinitiated at the device by a user, without communication with themanagement server or the administrator console. It should be noted,however, that a communication channel between the device and themanagement server would already have been established in the deviceenrollment process described above. In another example, a request torefresh the OS can be sent from the device to the administrator consolethrough the management server. The administrator can approve the requestand send an approval to the device, again through the management server.

At step 120, the device can confirm that one or more refresh processfiles are stored in a recovery folder of the device OS. The recoveryfolder will be preserved during the OS refresh, as described in moredetail below. The refresh process files include command files that canbe executed at particular points in an OS refresh process to ensure thatthe device can be automatically re-enrolled in the management platformupon completion of the OS refresh. The refresh process files can includea backup command file, a migration or recovery command file, and anunattended answer file containing re-installation and re-enrollmentcommand files.

Once it is confirmed that all the refresh process files are present, theOS refresh process continues to step 130. There, a first commandfile—the backup command file—can be executed. Execution of the backupcommand file ensures that copies of elements of the device managementplatform that are necessary to re-enroll the device are saved to therecovery folder. Further details regarding execution of the backupcommand file are discussed below with respect to FIG. 3.

After the back-up command file has executed and the elements needed tore-enroll the device have been stored in the recovery folder, the OSrefresh process continues to step 140. There, a portion of the harddrive of the device is partitioned and the recovery folder and itscontents are saved in the partitioned portion. The information stored atthe partitioned portion of the hard drive can be preserved during the OSrefresh. The remainder of the hard drive can then be reformatted and anew instance of the OS can be installed there.

At step 150, the second command file—the migration or recovery commandfile—is executed. In some examples, the recovery command file ensuresthat information stored in the recovery folder is migrated from thepartitioned portion to the new OS instance. The recovery command filecan execute without any further input from the user or administratorbeyond the initial request to refresh the OS. For example, execution ofthe recovery command file can be triggered by completion of theinstallation of the new instance of the OS or some other eventindicating that the new instance of the OS is in place. Further detailsregarding execution of the recovery command file are discussed withrespect to FIG. 4.

At step 160, the device is now configured for an “Out of the BoxExperience” (“OOBE”). The OOBE includes the workflow or series ofscreens and requests for information that a user encounters when firstlogging into a new device. During the OOBE, one or more additionalelements of the new OS instance can be installed and one or morefeatures of the device can be customized by the user. It is during theOOBE that the third command file—the unattended answer file—is executed.The file is referred to as “unattended” because it does not requiredirect input from the user or administrator during execution. Theunattended answer file can include scripts including a re-installationcommand file and a re-enrollment command file.

Execution of the unattended answer file can be triggered uponcommencement of the OOBE or by the occurrence of an event that occursduring the OOBE. In one aspect, the re-installation command file willexecute the installation files associated with the managementapplications and managed applications that were migrated over to the newOS instance. The new location of these new application instances withinthe new OS instance can be specified by the re-installation commandfile. The re-installation command file can also contain settingsinformation to be applied to each of the management and managedapplications following install.

Upon installation of the management applications, the re-enrollmentcommand file can execute and, using the migrated device identificationinformation, re-enroll the device with the management server. In theseexamples, all applications and data that were necessary to maintain theprior instance of the management platform on the device and enablecommunication with the management server are already present in the newOS instance.

Once the device is re-enrolled in the management platform and themanagement and managed applications are installed at the device, thedevice can transmit a message confirming the OS refresh was successfulto the management server or the administrator console. At step 170, thedevice can also send a request to the management server for anyapplication or settings updates that may have been received by themanagement server from the administrator console but have not yet beenapplied to the applications and settings of the device since the OSrefresh.

If any updates exist, the management server can transmit those to agentapplication of the device to be installed or applied. Once this updateprocedure is complete, the device is effectively restored to itspre-refresh configuration. Importantly, the re-enrollment process,including installation of all management and managed applications, canbe accomplished during the OS refresh without significant input from theuser or administrator beyond providing the initial instruction torefresh the OS.

FIG. 2 depicts a process for confirming the presence of the refreshprocess files in the recovery folder, described above with respect tostep 120 of FIG. 1. At step 210, a request to refresh the OS is receivedat the device. As discussed previously, this request can be initiated atan administrator console and relayed to the device through a managementserver or the request can be initiated by the user at the device.

At step 220, the device can determine if the refresh process files arepresent in the recovery folder. If they are present, then the processadvances to step 260 and the refresh process continues to step 130 ofFIG. 1, as described in more detail below. If the refresh process filesare not present in the recovery folder, the device can transmit arequest to the management server for the recovery files at step 230. Forexample, the device can first confirm the presence of each of a back-upcommand file, a migration or recovery command file, and an unattendedanswer file containing re-installation and re-enrollment command files.Where one or more of such files are missing, the device can request themissing files from the management server. In a further example, evenwhen all the refresh process files are present in the recovery folder,the device can request any updates to those files from the managementserver.

At step 240, the management server sends the requested refresh processfiles to the device. Again, the management server may send all of therequested refresh process files to the device or some subset, dependingon which files are missing or in need of an update at the device. Thetransmission of the refresh process files by the management device mayor may not be performed without requiring any action by an administratorat an administrator console. In some examples, the management server maysend a request to authorize transmission of the refresh process files tothe administrator console and refrain from sending the files to thedevice until a confirmation from the administrator console is received.

Once the requested refresh process files have been sent to the device,at step 250, the device can store the received files in the recoveryfolder for use during the refresh process. The refresh process can thencontinue at step 260.

FIG. 3 provides further details regarding the backup process describedabove with respect to step 130 of FIG. 1. At step 310, copies ofinstallation files associated with one or more management applicationsare stored in the device recovery folder. The management applicationscan include a management agent application, a management workspaceapplication, and a management provisioning application. The agentapplication is described above and serves to facilitate communicationbetween the device and the management server and, by extension, theadministrator console. The workspace application provides a secureenvironment on the device within which the one or more managedapplications can operate. In this manner, the user need not providecredentials or authentication information for each managed applicationrunning on the device. Rather, authentication of the workspaceapplication is ensured and the user can access managed applicationswithin the workspace environment without encountering furtherauthentication requirements. The management provisioning application canconfigure the settings of managed applications operating within theworkspace environment. In some embodiments, the agent application,workspace application, and provisioning application are all embodied ina single application.

At step 320, copies of installation files associated with one or moremanaged applications are stored in the recovery folder. The managedapplications can be any applications installed on the device that areunder management. For example, the managed applications can include anemail application, a WiFi application, a VPN application, a file managerapplication, and a word processor application.

Device identification information is also stored in the recover folderat step 330. The device identification information can include, but isnot limited to, a device ID uniquely identifying the device, one or moremanagement platform enrollment keys, and one or more authenticationtokens to be used to authenticate communications with the managementserver. After the device identification information and the installationfiles for the management and managed applications are stored in therecover folder, the refresh process continues at step 340.

FIG. 4 provides further details regarding the migration processinitiated by the execution of the recovery command file, described abovewith respect to step 150 of FIG. 1. At step 410, the installation filesassociated with the management applications are migrated from therecovery folder to an appropriate location in the new OS instance. Asdiscussed above, the management applications can include the agentapplication, the workspace application, and the provisioningapplication. In some examples, the location at which the installationfiles will be stored in the new OS instance can be specified by therecovery command file. The recovery command file can specify a locationreflective of where the information was stored in the prior instance ofthe OS.

At step 420, the installation files associated with the managedapplications can be similarly migrated to the new OS instance. Again,the new location of the managed application installation files can bespecified in the recovery command file and doesn't necessarily need tobe the same location as the installation files associated with themanaged application installation files.

The device identification information is also migrated from the recoveryfolder to the new OS instance at step 430. As discussed above, thedevice identification information can include the device ID, one or moremanagement platform enrollment keys, and one or more authenticationtokens to be used for communication with the management server. Infurther embodiments, any information necessary to re-enroll the devicewith the management server is included in the device identificationinformation. The location in the new OS instance to which thisinformation is migrated can be specified by the recovery command file.

In some embodiments, some contents of the recovery folder will not bemigrated to the new OS. For example, the refresh process files,including the back-up command file, the recovery command file, and theunattended answer file may not be migrated to the new OS. Rather, thosefiles can be executed from the recovery folder during the refreshprocess and may not be needed in the new OS instance. Alternatively, therefresh process files can also be migrated upon execution of therecovery command file for use in a future refresh process.

After the device identification information and the installation filesfor the management and managed applications are migrated to the new OSinstance, the refresh process continues at step 440.

FIG. 5 depicts a sequence diagram of an example method for refreshingthe operating system of a device enrolled in a management platform. Atstage 505 a, a request to refresh the OS is generated at administratorconsole. The request is received by a management server and transmittedto the appropriate device at stage 510 a. In alternative embodiments, atstage 505 b, the request to refresh the OS is generated by the user atthe device rather than by an administrator at the administrator console.

At stage 515, the device confirms the refresh process files are storedin the device's recovery folder. These files can include a back-upcommand file, a migration or recovery command file, and an unattendedanswer file. In some examples, the unattended answer file can contain are-installation command file and a re-enrollment command file.

If one or more of the refresh process files are not found in therecovery folder, at stage 520, the device can request the missing filesfrom the management server. At stage 525, the management server can sendthe missing files to the device. At stage 530, the device stores thereceived refresh process files to the recovery folder. Further detailsregarding the process of confirming the presence of the refresh processfiles and how any missing files can be requested are explained abovewith respect to FIGS. 1 and 2.

At stage 535, a first of the refresh process files—the back-up commandfile—can execute. The back-up command file can initiate a process ofstoring copies of installation files associated with one or moremanagement applications and one or more managed applications to therecovery folder. As discussed above, the management applications caninclude an agent application, a workspace application, and aprovisioning application. In some embodiments, these three applicationsare embodied in a single application.

The managed applications can include any application under management onthe device, including but not limited to an email application, a WiFiapplication, a VPN application, a file manager application, and a wordprocessor application.

In addition to the installation files for the management and managedapplications, the back-up command file can also store copies of alldevice identification information in the recovery folder. The deviceidentification information can include a device ID, one or moreenrollment keys, and one or more authentication tokens for communicatingwith the management server. Importantly, the device identificationinformation can contain all data needed to communicate with themanagement server through the management application(s), in one example.

At stage 540, once the device identification information and theinstallation files for the management and managed applications arestored in the recovery folder, the refresh process can partition aportion of the device hard drive in preparation for installing the newOS instance. The files and data contained in the recovery folder can bestored in the partitioned portion of the hard drive and the remainder ofthe hard drive can be reformatted. Moving the contents of the recoveryfolder to the partitioned portion of the hard drive ensures they areretained during the reformatting. A new instance of the OS can then beinstalled at the device following the reformatting of the hard drive.

Once the new instance of the OS is installed, the second of the refreshprocess files—the recovery command file—can execute at stage 545 withoutany further input from the user or the administrator. For example,execution of the recovery command file can be triggered by successfulinstallation of the new OS instance or some other event indicating thatthe new OS instance is in place.

In some examples, the recovery command file ensures that informationstored in the recovery folder is migrated from the partitioned portionof the device hard drive to the new OS instance. In one aspect, therecovery command file can direct the device processor to save copies ofthe device identification information and installation files associatedwith the management and managed applications within the new OS instance.The recovery command file may further include instructions to theprocessor regarding precisely where in the new OS instance to store eachpiece of information.

In some examples, the processor may not migrate copies of some of therecovery folder contents over to the new OS instance. For example, theprocessor may not migrate refresh process files, including the back-upcommand file, the recovery command file, and the unattended answer fileto the new OS. Rather, the processor can execute those files from therecovery folder during the refresh process and those files can then bediscarded when no longer needed. Alternatively, the processor canmigrate those files over to the new OS instance based on instructionscontained in the recovery command file and used in a future refreshprocess.

Once the new OS instance has been installed, the device is configuredfor the OOBE. During the OOBE, the user can login to the device andnavigate a predetermined workflow to finalize the device configuration,apply settings, and complete any application installations. During theOOBE, at stage 550, the processor can execute the third command file—theunattended answer file. Execution of the unattended answer file, inturn, causes the processor to execute a re-installation command file anda re-enrollment command file.

Execution of the unattended answer file, the re-installation commandfile, and the re-enrollment command file can be triggered uponcommencement of the OOBE or by the occurrence of an event that occursduring the OOBE. In one aspect, the re-installation command file willexecute the installation files associated with the managementapplications and managed applications that were previously migrated overto the new OS instance. The re-installation command file can containinformation indicating where in the new OS instance to install each ofthese applications, as well as settings information to be applied toeach application.

After installation of the management applications, at stage 555, thedevice processor can execute the re-enrollment command file. The devicesends a request to the management server, using the newly-installedmanagement agent application, that includes the device identificationinformation necessary to re-enroll the device with the server. Forexample, the re-enrollment request can include the device ID, one ormore enrollment keys, and one or more authentication tokens. At stage560, the management server confirms the identity of the device andre-enrolls the device in the management platform.

In some embodiments, upon re-enrollment, the device may also request anyavailable updates to the device's applications or settings from themanagement server at stage 565. The management server can determine ifany such updates exist and, if so, send those updates to the device atstage 570. Alternatively, if no such updates exist, the managementserver may transmit a message that the device is currently up to date.

FIG. 6 depicts a method for resetting a managed device as opposed torefreshing it. A reset process can be employed when the managed deviceis changing hands from one user to another. For example, when a firstemployee leaves an enterprise and his device is wiped clean and providedto a new employee. Another example is when a first student graduatesfrom a class at the end of the school year and her school-issued deviceis given to an incoming student the following school year. In theseinstances, it may be desirable to wipe a device completely clean. Doingso can delete any information that belonged to the former device holder,while avoiding spending a great deal of time reconstructing a managementplatform on the device.

At step 610, a request to reset the OS of a device is received at thedevice. Similar to the refresh process described above, an administratorconsole (and through a management server) or the device can initiate thereset request. Requesting the reset from the device may, in someexamples, trigger a request to the management server, seekingauthorization to reset the device. The approval can be sent back to thedevice from the administrator console, again through the managementserver.

At step 620, the device can confirm one or more reset process files arestored in a recovery folder of the device OS. The recovery folder can bepreserved during the OS reset, as described in more detail with respectto the refresh process. The reset process files can include anapplication cache, a recovery command file, and an unattended answerfile containing an installation command file.

FIG. 7 depicts a process for confirming the presence of the resetprocess files in the recovery folder. At step 710, a request to resetthe OS is received at the device. At step 720, the device can determineif the reset process files are present in the recovery folder. If theyare present, then the process advances to step 760 and the reset processreturns to step 630 of FIG. 6, described in more detail below.

If the reset process files are not present in the recovery folder, atstep 730, the device can notify the administrator console, through themanagement server, that one or more reset process files are missing.More specifically, the device can determine whether each of anapplication cache, a recovery command file, and an unattended answerfile containing an installation command file are present in the devicerecovery folder. Where one or more of such files are missing, the devicecan notify the administrator console and identify which files aremissing. In a further embodiment, even when all the reset process filesare present in the recovery folder, the device can request any updatesto those files from the management server.

At step 740, an administrator can construct a cache of installationfiles associated with the management and managed applications to beinstalled for the next user. In some examples, the cache of applicationsincludes installation files for one or more management applications,such as an agent application, a workspace application, and aprovisioning application. In alternative examples, the agent, workspace,and provisioning application can all be embodied in a singleapplication. The cache of applications can also include installationfiles for any applications that the administrator would like managed onthe device, such as an email application, a WiFi application, a VPNapplication, a file manager application, and a word processorapplication.

After the cache of applications is constructed, at step 750, the cachecan be transmitted to the device from the administrator console, throughthe management server. If any other reset process files were missing,those files can also be sent to the device at this stage. Upon receipt,the device can store the cache and any other missing reset process filesin the recovery folder at step 760. The reset process can then continue.

Returning to FIG. 6, once it is confirmed that all the reset processfiles are stored in the recovery folder, the OS reset process continuesto step 630. There, a portion of the hard drive of the device ispartitioned and the recovery folder and its contents are saved in thepartitioned portion. The information stored at the partitioned portionof the hard drive can be preserved during the OS refresh. The remainderof the hard drive can then be reformatted and a new instance of the OScan be installed there.

At step 640, the device processor can execute the recovery command file.In some examples, the recovery command file ensures that the processormigrates information stored in the recovery folder from the partitionedportion of the device hard drive to the new OS instance. The recoverycommand file can execute without any further input from the user oradministrator beyond the initial request to reset the OS. For example,execution of the recovery command file can be triggered by completion ofthe installation of the new instance of the OS or some other eventindicating that the new instance of the OS is in place. In particular,the installation files associated with the management and managedapplications are migrated from the recovery folder to an appropriatelocation in the new OS instance. In some examples, the exact location atwhich each installation file will be stored in the new OS instance canbe specified by the recovery command file and, often, will be reflectiveof the location that information was stored in the prior instance of theOS.

In some examples, some contents of the recovery folder will not bemigrated to the new OS. For example, the recovery command file and theunattended answer file may not be migrated to the new OS. Rather, thosefiles can be executed from the recovery folder during the reset processand may not be needed in the new OS instance. Alternatively, all thereset process files can be migrated upon execution of the recoverycommand file for use in a future reset process.

At step 650, an administrator can now login to the device in an “auditmode.” Audit mode provides a way for an administrator to login to adevice to ensure it is configured properly and has all desired softwareinstalled. It is contemplated that this step can occur after theprevious user has returned their device but before the device has beendistributed to its next user. For example, where the previous user is astudent, this step can be conducted by an administrator or teacher inpossession of the device prior to its distribution to another studentthe following year.

In audit mode, the unattended answer file, which can contain orreference the installation command file, can execute. As described withrespect to other examples, the installation command file can thenexecute each installation file in the application cache without anyinput from the administrator or user. Rather, the unattended answer fileand the installation command file can be triggered by the administratorlogging into the device in audit mode or by the occurrence of an eventthat occurs during the audit process. The location of each newapplication within the new OS instance can be specified by theinstallation command file. The installation command file can alsocontain settings information to be applied to each of the management andmanaged applications following install.

While the process of installing each management and managed applicationfrom the application cache can take time, one advantage to the resetprocess described here is that the installation process is undertaken ina timeframe when the device is between users. For example, where astudent turns her device in at the end of the school year, theinstallation of applications from the application cache can take placeduring the break from school and prior to the device being distributedto a new student.

At step 660, the device is now ready for a new user. Upon logging in,the user can be presented with OOBE. In some examples, during the OOBE,one or more additional elements of the new OS instance can be installedand one or more features of the device can be customized by the user. Itis also during the OOBE that the user will be prompted through a deviceenrollment process. During the enrollment process, the user may provideinformation confirming his or her identity. Information may also becollected from the device by the management server to properly identifythe device. In further examples, all steps will be taken to enroll thedevice in the managed platform and facilitate communication between themanagement server and the agent application installed on the device.

Once the device is enrolled in the management platform, at step 670, thedevice can also send a request to the management server for anyapplication or settings updates that may have been received by themanagement server or the administrator console but have not yet beenapplied to the applications and settings of the device since the OSreset. If any such updates exist, the management server can transmitthose updates to the agent application of the device for installation.

FIG. 8 depicts a sequence diagram of an example method for resetting theoperating system of a device enrolled in a management platform. At stage805 a, a request to reset the OS is generated at administrator console.The request is received by a management server and transmitted to theappropriate device at stage 810 a. In alternative examples, at stage 805b, the request to reset the OS is generated at the device rather than atthe administrator console.

Regardless, at stage 815, the device confirms the reset process filesare stored in the device's recovery folder. These files include, but arenot limited to, an application cache, a recovery command file, and anunattended answer file. In some embodiments, the unattended answer fileis associated with an installation command file.

If one or more of the reset process files are not found in the recoveryfolder, at stage 820, the device can request the missing files from themanagement server. This request can be passed on to the administratorconsole at stage 825.

At stage 830, an administrator at the administrator console constructsthe application cache. In some examples, the application cache includesinstallation files associated with one or more management applicationsand one or more managed applications. The one or more managementapplications can include an agent application, a workspace application,and a provisioning application. The one or more managed applications caninclude any applications that the administrator would like managed onthe device, such as an email application, a WiFi application, a VPNapplication, a file manager application, and a word processorapplication.

After the cache of applications is constructed, at stage 835, theapplication cache can be transmitted to the management server and thenon to the device at stage 840. If any other reset process files weremissing, such as the recovery command file or the unattended answerfile, those files can also be sent to the device at stage 845. Uponreceipt, the device can store the application cache and any othermissing reset process files in the recovery folder at stage 850.

At stage 855, the device processor partitions a portion of the harddrive of the device. The processor can then save the recovery folder andits contents in the partitioned portion of the hard drive. Theinformation stored at the partitioned portion of the hard drive can bepreserved during the OS reset. The remainder of the hard drive can thenbe reformatted and a new instance of the OS is installed there.

At 860, the device processor executes the recovery command file, in someexamples. The recovery command file migrates files and data stored inthe recovery folder from the partitioned portion of the device harddrive to the new OS instance. The recovery command file can executewithout any further input from the user or administrator beyond theinitial request to reset the OS. For example, execution of the recoverycommand file can be triggered by completion of the installation of thenew instance of the OS or some other event indicating that the newinstance of the OS is in place. In particular, the installation filesassociated with the management and managed applications are migratedfrom the recovery folder to an appropriate location in the new OSinstance. In some examples, the location at which each installation filewill be stored in the new OS instance can be specified by the recoverycommand file.

An administrator can login to the device in an “audit mode” at stage865. In audit mode, the unattended answer file can cause theinstallation command file to execute. The installation command file, inturn, can then execute each installation file in the application cachewithout any input from the administrator or user. The location of eachnew application within the new OS instance can be specified by theinstallation command file. The installation command file can alsocontain settings information to be applied to each of the management andmanaged applications following installation.

At stage 870, in some examples, the device is ready for a new user. Uponlogging in, the user can be presented with OOBE. In some examples,during the OOBE, one or more additional elements of the new OS instancecan be installed and one or more features of the device can becustomized by the user. The user can also be prompted through a deviceenrollment process. During the enrollment process, at stage 875, theuser can transmit information to the management server confirming his orher identity. Information may also be sent from the device to themanagement server to properly identify the device. In further examples,after sufficient information has been collected from the device, themanagement server can confirm device enrollment at stage 880.

At stage 885, the device can request any application or settings updatesthat may have been received by the management server or theadministrator console but have not yet been applied to the applicationsand settings of the device since the OS reset. If any such updatesexist, the management server can transmit those updates to the agentapplication of the device at stage 890.

FIG. 9 depicts a system 900 for performing the refresh and reset methodsdescribed above. In one aspect, system 900 can include an administratorconsole 910, a management server 920, and one or more managed devices930. Management server 920 can include multiple servers, processors, andcomputing devices. In some examples, management server 920 is a networkof servers, some of which can be located remotely from one another. Inanother example, management server 920 is a single server with multiplepurposes. In yet another example, management server 920 is a server (orgroup of servers) dedicated to the operations described herein.

Management server 920 can be communicatively coupled to administratorconsole 910 via a network, such as the internet. An administrator canutilize console 910 to perform any of the functions described here. Thiscan be accomplished using a graphical user interface (“GUI”) at console910. The administrator can access console 910 by, for example,navigating to a web location using a web browser on a computing deviceor accessing a standalone application on a computing device.

After the administrator has configured any device settings, commandfiles, application caches, or compliance rules to be applied to a device930, the console can transmit this information to management server 920.The information can also identify one or more devices to which itapplies. Management server 920 can store a copy of this information forlater recall and transmit a copy to device 930.

Devices 930 can be any computing device that includes a processor and amemory store, including a laptop or desktop computer, phone, tablet, orwatch. Like administrator console 910, devices 930 can communicate withthe management server 920 over a network, such as the internet. Asdescribed above with respect to the previous examples, device 930 caninclude an OS 935. A recovery folder 940 and a managed environment 945can be stored within the OS 935. In some examples, managed environment945 can include one or more managed applications and one or more managedapplications.

In accordance with the examples presented here, a managed device can berefreshed or reset with minimal involvement by the user of the device ora system administrator. The described methods and systems allow for theOS of a managed device to be refreshed while retaining the necessarysoftware components of the management platform and all informationneeded to re-establish communication between the refreshed device and amanagement server. Where the proper refresh and reset process files arealready stored in the recovery folder of the device, the example methodsand systems presented here also have the advantage of allowing a user torefresh or reset a device and re-install all software necessary tore-enroll the device in the management platform without an internetconnection.

Though some of the described methods have been presented as a series ofsteps, it should be appreciated that one or more steps can occursimultaneously, in an overlapping fashion, or in a different order. Theorder of steps presented are only illustrative of the possibilities andthose steps can be executed or performed in any suitable fashion.Moreover, the various features of the examples described here are notmutually exclusive. Rather, any feature of any example described herecan be incorporated into any other suitable example. It is intended thatthe specification and examples be considered as illustrative only, witha true scope and spirit of the disclosure being indicated by thefollowing claims.

What is claimed is:
 1. A method for refreshing an operating system of adevice enrolled in a management system, the method including: receiving,at the device enrolled the management system, a request to refresh theoperating system (“OS”) of the device; storing a plurality of refreshprocess files, including a backup command file, a migration commandfile, and an unattended answer file, to a recovery folder of the OS;executing the backup command file to store a plurality of items in therecovery folder of the OS, the plurality of items including: a deviceID; a management platform enrollment key; an authentication token forauthenticating communications with a management server; a managementagent application installation file; and at least one managedapplication installation file; installing a new instance of the OS atthe device while retaining the plurality of items stored in the recoveryfolder; automatically executing, from the recovery folder outside thenew instance of the OS, the migration command file that migrates theplurality of items from the recovery folder to the new OS instance; upona first login to the new instance of the OS by the user, executing, fromthe recovery folder, the unattended answer file that installs themanagement agent application and transmits at least a portion of theplurality of items to the management server to enroll the device withthe management system.
 2. The method of claim 1, wherein the request torefresh the OS originates from an administrator console and is sent tothe device by the management server.
 3. The method of claim 1, whereinthe request to refresh the OS originates from the device.
 4. The methodof claim 1, wherein the installing a new instance of the OS at thedevice includes partitioning a portion of a hard drive of the device andretaining the plurality of items stored in the recovery folder in thepartitioned portion.
 5. The method of claim 1, wherein the plurality ofitems in the recovery folder further includes a management workspaceapplication installation file or a management provisioning applicationinstallation file.
 6. The method of claim 1, further including, afterreceiving the request to refresh the OS: determining that at least oneof the plurality of refresh process files are not stored in the recoveryfolder; sending a request to the management server for the at least oneof the plurality of refresh process files; and receiving, from themanagement server, the at least one of the plurality of refresh processfiles.
 7. The method of claim 1, wherein the unattended answer filecontains a re-installation command file and a re-enrollment commandfile.
 8. A non-transitory, computer-readable medium includinginstructions that, when executed by a processor, performs stages forrefreshing an operating system of a device enrolled in a managementplatform, the stages including: receiving, at the device enrolled in amanagement system, a request to refresh the operating system (OS) of thedevice; storing a plurality of refresh process files, including a backupcommand file, a migration command file, and an unattended answer tile,to a recovery folder of the OS; executing the backup command file tostore a plurality of items in the recovery folder of the OS, theplurality of items including: a device ID; a management platformenrollment key; an authentication token for authenticatingcommunications with a management server; a management agent applicationinstallation file; and at least one managed application installationfile; installing a new instance of the OS at the device while retainingthe plurality of items stored in the recovery folder; automaticallyexecuting, from the recovery folder outside the new instance of the OS,the migration command file that migrates the plurality of items from therecovery folder to the new OS instance; upon a first login to the newinstance of the OS by the user, executing, from the recovery folder, theunattended answer file that installs the management agent applicationand transmits at least a portion of the plurality of items to themanagement server to enroll the device with the management system. 9.The non-transitory, computer-readable medium of claim 8, wherein therequest to refresh the OS originates from an administrator console andis sent to the device by the management server.
 10. The non-transitory,computer-readable medium of claim 8, wherein the request to refresh theOS originates from the device.
 11. The non-transitory, computer-readablemedium of claim 8, wherein the installing a new instance of the OS atthe device includes partitioning a portion of a hard drive of the deviceand retaining the plurality of items stored in the recovery folder inthe partitioned portion.
 12. The non-transitory, computer-readablemedium of claim 8, wherein the plurality of items in the recovery folderfurther includes a management workspace application installation file ora management provisioning application installation file.
 13. Thenon-transitory, computer-readable medium of claim 8, the stages furtherincluding, after receiving the request to refresh the OS: determiningthat at least one of the plurality of refresh process files are notstored in the recovery folder; sending a request to the managementserver for the at least one of the plurality of refresh process files;and receiving, from the management server, the at least one of theplurality of refresh process files.
 14. The non-transitory,computer-readable medium of claim 8, wherein the unattended answer filecontains a re-installation command file and a re-enrollment commandfile.
 15. A system for refreshing an operating system of a deviceenrolled in a management platform, the system including: a memorystorage including a non-transitory, computer-readable medium includinginstructions; and a computing device including a processor that executesthe instructions to carry out stages including: receiving, at the deviceenrolled in a management system, a request to refresh the operatingsystem (“OS”) of the device; storing a plurality of refresh processfiles, including a backup command file, a migration command file, and anunattended answer file, to a recovery folder of the OS; executing thebackup command file to store a plurality of items in the recovery folderof the OS, the plurality of items including: a device ID; a managementplatform enrollment key; an authentication token for authenticatingcommunications with a management server; a management agent applicationinstallation file; and at least one managed application installationfile; installing a new instance of the OS at the device while retainingthe plurality of items stored in the recovery folder; automaticallyexecuting, from the recovery folder outside the new instance of the OS,the migration command file that migrates the plurality of items from therecovery folder to the new OS instance; upon a first login to the new inof the OS by the user, executing, from the recovery folder, theunattended answer file that installs the management agent applicationand transmits at least a portion of the plurality of items to themanagement server to enroll the device with the management system. 16.The system of claim 15, wherein the request to refresh the OS originatesfrom an administrator console and is sent to the device by themanagement server.
 17. The system of claim 15, wherein the installing anew instance of the OS at the device includes partitioning a portion ofa hard drive of the device and retaining the plurality of items storedin the recovery folder in the partitioned portion.
 18. The system ofclaim 15, wherein the plurality of items in the recovery folder furtherincludes a management workspace application installation file or amanagement provisioning application installation file.
 19. The system ofclaim 15, the stages further including, after receiving the request torefresh the OS: determining that at least one of the plurality ofrefresh process files are not stored in the recovery folder; sending arequest to the management server for the at least one of the pluralityof refresh process files; and receiving, from the management server, theat least one of the plurality of refresh process files.
 20. The systemof claim 15, wherein the unattended answer file contains are-installation command file and a re-enrollment command file.